Patents Assigned to CROWDSTRIKE, INC.
-
Patent number: 12265836
Abstract: A system and method of a localization middleware for localizing datasets using textual replacement techniques. The method includes receiving a request for a particular dataset that is stored in a data store, the particular dataset includes a plurality of textual strings in a non-regional version. The method includes determining a regional version for the particular dataset based on the request. The method includes identifying a library of translations associated with the non-regional version and the regional version. The method includes performing, by a processing device based on the library of translations and the particular dataset, a string replacement procedure to generate a localized dataset including one or more textual strings in the regional version.
Type: Grant
Filed: February 29, 2024
Date of Patent: April 1, 2025
Assignee: CrowdStrike, Inc.
Inventor: Vince Jones-Muth
-
Patent number: 12261890
Abstract: Techniques for identifying data usable for generating security recommendations are discussed herein. A system can determine unique identifiers for events associated with a data stream and determine a frequency of different events occurring in the data stream. The system can generate recommendation data usable for defending the data stream from future malicious events based on a number of similar events occurring over a time period.
Type: Grant
Filed: September 10, 2024
Date of Patent: March 25, 2025
Assignee: CrowdStrike, Inc.
Inventors: Pranav Sundriyal, William Sherwood, Andrei Cotiga, Adam Freund
-
Patent number: 12255905
Abstract: Techniques and systems for a security service system configured with a sensor component including a machine learning (ML) malware classifier to perform behavioral detection on host devices. The security service system may deploy a sensor component to monitor behavioral events on a host device. The sensor component may generate events data corresponding to monitored operations targeted by malware. The system may map individual events from events data onto a behavioral activity pattern and generate process trees. The system may extract behavioral artifacts to build a feature vector used for malware classification and generate a machine learning (ML) malware classifier. The sensor component may use the ML malware classifier to perform asynchronous behavioral detection on a host device and process system events for malware detection.
Type: Grant
Filed: April 20, 2022
Date of Patent: March 18, 2025
Assignee: CrowdStrike, Inc.
Inventors: Vitaly Zaytsev, Brett Meyer, Joel Robert Spurlock
-
Publication number: 20250085945
Abstract: Automated source code similarity greatly improves computer functioning. Any source code file is evaluated with respect to publicly-available open source code. If the source code file is similar to the publicly-available open source code, then a computer system may be approved or authorized to perform any hardware/software operations associated with the source code file. Should, however, the source code file be dissimilar to the publicly-available open source code, then the hardware/software operations are blocked to prevent disclosure of the source code file. For example, read/write/input/output operations are blocked and/or network interfaces are disabled. Source code similarity thus thwarts suspicious activities that indicate misappropriation or exfiltration of the source code file.
Type: Application
Filed: September 8, 2023
Publication date: March 13, 2025
Applicant: CrowdStrike, Inc.
Inventors: Michael Avraham Brautbar, Manu Nandan
-
Patent number: 12248560
Abstract: A security agent configured to initiate a security agent component as a hypervisor for a computing device is described herein. The security agent component may change a value of a processor configuration register, such as a Model Specific Register (MSR), in order to cause system calls to be redirected to the security agent, and may set an intercept for instructions for performing read operations on the processor configuration register so that a process, thread, or component different from the processor of the computing device may receive the original value of the processor configuration register instead of an updated value of the processor configuration register. The security agent component may also be configured to generate interrupts to offload task execution from the hypervisor to a security agent executing as a kernel-level component.
Type: Grant
Filed: October 2, 2020
Date of Patent: March 11, 2025
Assignee: CrowdStrike, Inc.
Inventor: Ion-Alexandru Ionescu
-
Publication number: 20250077619
Abstract: Embedding entity matching greatly improves computer functioning. Different datasets are matched to a common entity using entity embeddings generated by a machine learning entity embedding model. The entity embeddings are converted to entity similarities, thus revealing the datasets associated with the common entity. Efficient matrix operations further improve computer functioning. Embedding entity matching thus quickly identifies common employee records and user accounts using less hardware resources, less electricity, and less time.
Type: Application
Filed: September 5, 2023
Publication date: March 6, 2025
Applicant: CrowdStrike, Inc.
Inventors: Brenden Thomas Bishop, Amine Boubezari, Michael Avraham Brautbar
-
Publication number: 20250077545
Abstract: Nodal redundancy storage decisions efficiently distribute redundant copies of electronic data. A cloud computing network establishes a policy that governs how and where the redundant copies are stored within the cloud computing network (such as by region, zone, and cluster targets). Each cloud computing node is then delegated, with autonomy, to manage a redundant copy to achieve the policy established by the cloud computing network. Each cloud computing node may independently and individually decide to store, to not store, or to evict the redundant copy without consensus of other nodes and without consultation or instruction from the cloud computing network. The nodal redundancy storage decisions are thus decentralized from region, zone, and cluster management.
Type: Application
Filed: September 5, 2023
Publication date: March 6, 2025
Applicant: CrowdStrike, Inc.
Inventors: Stig Rohde DØSSING, Kenn Daniel
-
Publication number: 20250071173
Abstract: Nodal work assignments efficiently distribute server work items, such as storing redundant copies of electronic data. A cloud computing network establishes a policy that governs how and where the redundant copies are stored cloud computing nodes (such as by region, zone, and cluster targets). The cloud computing network repeatedly or continuously re-evaluates the work assignments based on replication assignment skews and/or leadership penalties. The nodal work assignments thus minimize hardware and software operations, network traffic, and electrical energy consumption.
Type: Application
Filed: November 15, 2024
Publication date: February 27, 2025
Applicant: CrowdStrike, Inc.
Inventor: Stig Rohde DØSSING
-
Patent number: 12223036
Abstract: Methods and systems for injected byte buffer data classification are disclosed. According to an implementation, a security agent can detect process injection events, gather byte buffer data associated with the process injection events, and send the byte buffer data to a security service comprising a byte buffer classification function. The byte buffer classification function can be implemented as a trained transformer type neural network machine learning model, which can analyze the byte buffer data and generate a classification output comprising a probability that the byte buffer data is associated with a malicious process injection.
Type: Grant
Filed: April 5, 2024
Date of Patent: February 11, 2025
Assignee: CrowdStrike, Inc.
Inventors: Florian Stortz, Felix Schwyzer, Marian Radu
-
Publication number: 20250047689
Abstract: A cybersecurity service protects endpoint devices from cybersecurity attacks. The cybersecurity service deploys cybersecurity attack feature vectors to agents in the field. The cybersecurity attack feature vectors are created in the cloud to efficiently describe observed groups of cybersecurity attacks. One method to assemble these is to generate clustering centroids for the observed groups. Each agent monitors its host according to the cybersecurity attack feature vectors. Each agent monitors its host's event behaviors and locally extracts an event behavior feature vector. The agent compares the cybersecurity attack feature vectors to the event behavior feature vector and, if similarity is determined, then the agent determines that the host's event behaviors are evidence of a cybersecurity attack. The agent may implement threat procedures, such as suspending/terminating the event behaviors and generating alerts.
Type: Application
Filed: August 1, 2023
Publication date: February 6, 2025
Applicant: CrowdStrike, Inc.
Inventors: Gregory William Dalcher, Vitaly Zaytsev
-
Patent number: 12210510
Abstract: A digital security system can store data associated with entities in resolver trees. If the digital security system determines that two resolver trees are likely representing the same entity, the digital security system can use a merge operation to merge the resolver trees into a single resolver tree that represents the entity. The single resolver tree can include a merge node indicating a merge identifier of the merge operation. Nodes containing information merged into the resolver tree from another resolver tree during the merge operation can be tagged with the corresponding merge identifier. Accordingly, if the merge operation is to be undone, for instance if subsequent information indicates that the entries are likely separate entities, the resolver tree can be unmerged and the nodes tagged with the merge identifier can be restored to a separate resolver tree.
Type: Grant
Filed: March 20, 2024
Date of Patent: January 28, 2025
Assignee: CrowdStrike, Inc.
Inventors: James Robert Plush, Timothy Jason Berger, Ramnath Venugopalan
-
Patent number: 12204644
Abstract: The present disclosure provides an approach of providing, to an artificial intelligence (AI) model, a malicious script that includes a malicious behavior. The AI model is configured to modify software code of the malicious script to produce modified software code that obfuscates the malicious behavior. The approach produces, by a processing device using the AI model, an adversarial script that includes the modified software code that obfuscates the malicious behavior. In turn, the approach initiates a malware detector to test the adversarial script.
Type: Grant
Filed: March 29, 2024
Date of Patent: January 21, 2025
Assignee: CrowdStrike, Inc.
Inventors: Stefan-Bogdan Cocea, Damian Monea, Alexandru Dinu, Cristian Viorel Popa, Mihaela-Petruta Gaman
-
Patent number: 12189791
Abstract: A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices, can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.
Type: Grant
Filed: April 12, 2023
Date of Patent: January 7, 2025
Assignee: CrowdStrike, Inc.
Inventors: David F. Diehl, James Robert Plush, Timothy Jason Berger
-
Publication number: 20250007941
Abstract: A cloud-based cyber security detection prediction service pre-screens cyber security detections reported by endpoint client devices. The endpoint client devices report the cyber security detections to a cloud-computing environment providing the cloud-based cyber security detection prediction service. The cyber security detections are compared to a cyber security assessment profile generated by a machine learning model trained using human expert cyber security assessments. The human expert cyber security assessments were applied by human cyber security subject matter experts scrutinizing historical detection data. The cloud-based cyber security detection prediction service thus provides a much faster cyber security prediction based on human expertise.
Type: Application
Filed: June 28, 2023
Publication date: January 2, 2025
Applicant: CrowdStrike, Inc.
Inventors: Joshua Fraser, Joseph Leo Faulhaber
-
Patent number: 12184723
Abstract: Nodal work assignments efficiently distribute server work items, such as storing redundant copies of electronic data. A cloud computing network establishes a policy that governs how and where the redundant copies are stored cloud computing nodes (such as by region, zone, and cluster targets). The cloud computing network repeatedly or continuously re-evaluates the work assignments based on replication assignment skews and/or leadership penalties. The nodal work assignments thus minimize hardware and software operations, network traffic, and electrical energy consumption.
Type: Grant
Filed: July 26, 2023
Date of Patent: December 31, 2024
Assignee: CrowdStrike, Inc.
Inventor: Stig Rohde Døssing
-
Publication number: 20240427887
Abstract: A rules-based malware detection and assessment service pre-screens malware events reported by endpoint client devices. The endpoint client devices report the malware events to a cloud-computing environment providing the malware detection and assessment service. The malware events are compared to logical rules specifying malware and safe activities. Moreover, the malware detection and assessment service maintains a comprehensive, historical database that stores logs and tracks each malware event. Any new malware events are compared to the historical database. Any matching historical entry indicates a duplicate or repetitive malware detection, so the historical detection and assessment may be retrieved and suggested. The rules-based malware detection and assessment service thus provides a much faster and simpler resolution that easily scales to the ever-increasing volume of malware reports.
Type: Application
Filed: June 20, 2023
Publication date: December 26, 2024
Applicant: CrowdStrike, Inc.
Inventor: Alastair Sumpter
-
Patent number: 12175312
Abstract: A first message structure is selected from a first subset of a plurality of message structures based on a size of a message payload and a message type of the message payload. Each of the first subset of the plurality of message structures has a different size. A size of the first message structure is greater than or equal to the size of the message payload. A first request is transmitted to an application programming interface (API) utilizing the size of the first message structure. In response to transmitting the first request to the API, a reference is received to a buffer structure. The message payload is copied into the buffer structure using the reference to the buffer structure.
Type: Grant
Filed: September 27, 2022
Date of Patent: December 24, 2024
Assignee: CrowdStrike, Inc.
Inventors: Marco Vedovati, Martin Kelly
-
Publication number: 20240403435
Abstract: Boot status markers record historical boot processes performed by a computer system. Each time the computer system boots, an operating system performs a boot process and interfaces with an antimalware driver. The antimalware driver determines the boot status markers that were set during previous boot processes. The antimalware driver may then classify other drivers based on the boot status markers set during the previous boot processes. The antimalware driver may then report driver classifications to the operating system. The operating system may then block, or allow, the drivers based on the driver classifications.
Type: Application
Filed: July 25, 2023
Publication date: December 5, 2024
Applicant: CrowdStrike, Inc.
Inventors: Garrett Moore, Blair C. Foster, JR.
-
Patent number: 12154594
Abstract: A method of placing an ad in a video in an original format may include producing a transcoded video in a proxy format which is a representation of frames of the video in the original format. The transcoded video in the proxy format is convertible to other formats for output. The method may include selecting the ad from a set of ads, selecting a location within a frame of the transcoded video where the ad is to be placed, selecting frames of the transcoded video where the ad is to be placed, placing a placeholder in the transcoded video in the selected frames at the selected location, and storing the transcoded video in the proxy format. When the transcoded video is presented to a user on a display device, the selected ad is inserted in place of the placeholder.
Type: Grant
Filed: March 9, 2021
Date of Patent: November 26, 2024
Assignee: CrowdStrike, Inc.
Inventor: Thomas S. Gilley
-
Patent number: 12143434
Abstract: Systems, methods, and computer program products for smart upload automation in which actions are automatically performed on a set of digital assets against a target item. In one embodiment, a system includes a network, a server machine, a client machine and a data storage device, each of which is coupled to the network. The client machine designates digital assets and a target item against which the assets will be uploaded. The digital assets are uploaded by the client machine to the data storage device via the network. The server machine automatically performs actions on the digital assets without intervention by the client machine, where the actions are associated with or in some way defined by the target item. The actions may include setting metadata values of the digital assets based upon metadata associated with the target item, or generating different renditions of the digital assets.
Type: Grant
Filed: June 30, 2023
Date of Patent: November 12, 2024
Assignee: CrowdStrike, Inc.
Inventor: Lee Shepstone